OpenDNS Labs observing rise in phishing attacks

The attacks that OpenDNS Labs has spotted are being driven by a rise in phishing. It says: “Although most of the phishing sites we detect are specifically setup for phishing purposes we are also seeing an increase in the compromise of legitimate sites in which they are modified to host Bitcoin wallet phishing along with other phishing content.”

The blog focuses on how the attacks are being carried out. One of the attack methods identified is the use of compromised Gmail accounts. OpenDNS Labs claims these are used: “to gain access to Google AdWords and improve SEO thereby percolating these Blockchain.info phishes to the top of search results.” According to the blog, this emerging use of compromised sites is an indication that online wallet phishing is here to stay.

No relationship between ransomware and Bitcoin price

Over the last month some security vendors have been drawing parallels between Bitcoin prices and ransomware. OpenDNS Labs says this is not the case. It plots the rise in ransomware and Bitcoin pricing. This shows that while there is a rise in both, Bitcoin prices have fluctuated while ransomware has risen consistently.

What is actually happening is a combination of two different types of attack. The blog gives an example of how this happens. In brief the timeline is:

1. The user is infected with ransomware.

2. The user follows the unlocking advice and is told to buy Bitcoins.

3. The user searches for Bitcoin sales and encounters forged AdWords.

4. The user buys Bitcoins to pay off the ransomware but has personal information compromised by secondary attackers.

All of this could reasonably be done by the same team. However, the OpenDNS Labs team says that two groups are involved because the goals are different. They say: “Stolen credentials are a lot cheaper than most ransoms, so ransomware authors would not try to steal credentials, but rather get paid.” This double attack approach is something that has not surfaced before. Avoiding it may be hard for many victims.

Conclusion

Bitcoin has had a chequered past when it comes to security. The official Bitcoin Wiki contains its own warnings over wallet vulnerabilities. Bitcoin users need to keep a regular check on their own security. Using different credentials for their Bitcoin wallets than for other services is a start. Another step is to be careful about the use of third-party wallets. If Bitcoin is to gain widespread adoption there is a need to rethink its current level of security.

Ian has been a journalist, editor and analyst for over 30 years. While technology remains the core focus of Ian's writings he also covers science fiction, children's toys, field hockey and progressive rock. As an analyst, Ian is the Cyber Security and Infrastructure Practice Leader for Creative Intellect Consulting Ltd.
A keen hockey goalkeeper, Ian coaches and plays for a number of clubs including Guildford Hockey Club, Alton Hockey Club, Royal Navy, Combined Services, UK Armed Forces and several touring sides. His ambition is to one day represent England. Ian has also been selected to be the goalkeeping coach for Hockey for Heroes, a UK charity supporting the UK Armed Forces.
